CVE-2021-22133

CVE-2021-22133

Vendor Elastic
Product Elastic APM Agent for Go
Weakness CWE-532 · Sensitive info in logs
Published February 10, 2021
Last update August 3, 2024

CVSS base score

What the vulnerability does

01Description

The Elastic APM agent for Go versions before 1.11.0 can leak sensitive HTTP header information when logging the details during an application panic. Normally, the APM agent will sanitize sensitive HTTP header details before sending the information to the APM server. During an application panic it is possible the headers will not be sanitized before being sent.

Key dates

02Disclosure timeline

February 10, 2021 CVE published
August 3, 2024 Record updated